Win32/Injector.DQVY removal tips

The Win32/Injector.DQVY is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win32/Injector.DQVY virus can do?

Executable code extraction
Injection (inter-process)
Injection (Process Hollowing)
Creates RWX memory
Reads data out of its own binary image
Drops a binary and executes it
Unconventionial binary language: Bulgarian
Unconventionial language used in binary resources: Bulgarian
Executed a process and injected code into it, probably while unpacking
A process attempted to delay the analysis task by a long amount of time.
Installs itself for autorun at Windows startup
Creates a hidden or system file
Creates a copy of itself
Anomalous binary characteristics

Related domains:

z.whorecord.xyz

a.tomx.xyz

xlack.chickenkiller.com

xlack2017.duckdns.org

How to determine Win32/Injector.DQVY?


File Info:
crc32: 2F631CF9
md5: 184a9d9252a0e32a53f136a3c2bcae06
name: 184A9D9252A0E32A53F136A3C2BCAE06.mlw
sha1: a7442d1eaf340ab1e58890a1aff6fcd2dc937147
sha256: ddfaf4dc643f2ad82cad9f71186ccbd43d2dba357a5de8fb786203224c446a91
sha512: 08fba2469f25fca2190724472790dd6f89288ba9ac67a4a135af27541b65c18ca252c1cba8588d26ba2a949780bdc6d8fb6a65aed961ee0c3621fdc88e9ef2f3
ssdeep: 3072:cHkme5A2mDAoJauB3DhyTRYlwsA/QyQCL:cEmeA2krRPS/Qyv
type: PE32 executable (GUI) Intel 80386, for MS Windows

Version Info:
Translation: 0x0402 0x04b0
InternalName: Oscinidae7
FileVersion: 7.00
CompanyName: aSrock
ProductName: Calks
ProductVersion: 7.00
OriginalFilename: Oscinidae7.exe

Win32/Injector.DQVY also known as:

Bkav	W32.AIDetectVM.malware1
Elastic	malicious (high confidence)
DrWeb	BackDoor.Wirenet.345
MicroWorld-eScan	Gen:Heur.PonyStealer.nm0@c4!e9@mG
FireEye	Generic.mg.184a9d9252a0e32a
Qihoo-360	Win32/Trojan.560
McAfee	Packed-PW!184A9D9252A0
Cylance	Unsafe
VIPRE	Trojan.Win32.Generic!BT
Sangfor	Malware
K7AntiVirus	Trojan ( 005149401 )
BitDefender	Gen:Heur.PonyStealer.nm0@c4!e9@mG
K7GW	Trojan ( 005149401 )
Cybereason	malicious.252a0e
BitDefenderTheta	Gen:NN.ZevbaF.34804.nm0@a4!e9@mG
Cyren	W32/VBInject.ID.gen!Eldorado
Symantec	ML.Attribute.HighConfidence
TrendMicro-HouseCall	BKDR_TOFSEE.SMF
Avast	Win32:Malware-gen
ClamAV	Win.Packed.Ponystealer-7130189-0
Kaspersky	Trojan.Win32.VBKryjetor.aobj
NANO-Antivirus	Trojan.Win32.Wirenet.esjvrz
Rising	Trojan.Injector!8.C4 (CLOUD)
Ad-Aware	Gen:Heur.PonyStealer.nm0@c4!e9@mG
Sophos	ML/PE-A + Mal/FareitVB-M
Comodo	Malware@#1e8s8qpwsuf6b
F-Secure	Heuristic.HEUR/AGEN.1126317
TrendMicro	BKDR_TOFSEE.SMF
McAfee-GW-Edition	BehavesLike.Win32.Generic.dm
Emsisoft	Gen:Heur.PonyStealer.nm0@c4!e9@mG (B)
Ikarus	Virus.Win32.Injector
Jiangmin	Trojan.VBKryjetor.fgj
Avira	HEUR/AGEN.1126317
Antiy-AVL	Trojan/Win32.VBKryjetor
Microsoft	PWS:Win32/Zbot!ml
Arcabit	Trojan.PonyStealer.E9AD67
ZoneAlarm	Trojan.Win32.VBKryjetor.aobj
GData	Gen:Heur.PonyStealer.nm0@c4!e9@mG
Cynet	Malicious (score: 100)
AhnLab-V3	Trojan/Win32.VBKrypt.R212341
VBA32	TScope.Trojan.VB
MAX	malware (ai score=100)
Malwarebytes	Spyware.Pony
Panda	Trj/GdSda.A
APEX	Malicious
ESET-NOD32	a variant of Win32/Injector.DQVY
Tencent	Win32.Trojan.Vbkryjetor.Dxne
Yandex	Trojan.VBKryjetor!zhtOCiR9xd0
SentinelOne	Static AI – Malicious PE
eGambit	Unsafe.AI_Score_99%
Fortinet	W32/FareitVB.KAD!tr
AVG	Win32:Malware-gen
Paloalto	generic.ml
CrowdStrike	win/malicious_confidence_100% (D)

How to remove Win32/Injector.DQVY?

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

Win32/Injector.DQVY removal tips